

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>管理指南 &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script data-url_root="../../" id="documentation_options" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/doctools.js"></script>
        <script src="../../_static/sphinx_highlight.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="User Accounts" href="../account/" />
    <link rel="prev" title="Ceph 对象网关配置参考" href="../config-ref/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../">Ceph 对象网关</a></li>
      <li class="breadcrumb-item active">管理指南</li>
      <li class="wy-breadcrumbs-aside">
            <a href="../../_sources/radosgw/admin.rst.txt" rel="nofollow"> View page source</a>
      </li>
  </ul>
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../" class="icon icon-home"> Ceph
          

          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../start/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../install/">安装 Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../">Ceph 对象网关</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../frontends/">HTTP 前端</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite/">多站配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../zone-features/">域的功能</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement/">存储池归置与存储类</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite-sync-policy/">多站同步策略配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pools/">存储池的配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../config-ref/">配置参考</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">管理指南</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#radosgw-user-management">用户管理</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id3">创建用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id4">创建子用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id5">获取用户信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id6">修改用户信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#user-suspend">User Suspend</a></li>
<li class="toctree-l4"><a class="reference internal" href="#user-enable">User Enable</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id7">删除用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#radosgw-admin-remove-a-subuser">删除子用户</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id9">增加、删除密钥</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id10">增加、删除管理能力</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id11">配额管理</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id12">设置用户配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id13">启用或禁用用户配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id14">设置桶配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id15">启用、禁用桶配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id16">查看配额配置信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id17">更新配额统计信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#rgw-user-usage-stats">查看用户使用情况的统计信息</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id19">默认配额</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id20">配额缓存</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id21">读取、写入全局配额</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#rate-limit-management">Rate Limit Management</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#read-requests-and-write-requests">Read Requests and Write Requests</a></li>
<li class="toctree-l4"><a class="reference internal" href="#how-metrics-work">How Metrics Work</a></li>
<li class="toctree-l4"><a class="reference internal" href="#set-user-rate-limit">Set User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#get-user-rate-limit">Get User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#enable-disable-user-rate-limit">Enable/Disable User Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#set-bucket-rate-limit">Set Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#get-bucket-rate-limit">Get Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#enable-and-disable-bucket-rate-limit">Enable and Disable Bucket Rate Limit</a></li>
<li class="toctree-l4"><a class="reference internal" href="#reading-and-writing-global-rate-limit-configuration">Reading and Writing Global Rate Limit Configuration</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id22">使用情况</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id23">查看使用情况</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id24">清理统计日志</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../account/">用户账户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3/">S3 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../iam/">IAM API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../rgw-cache/">数据缓存和 CDN</a></li>
<li class="toctree-l2"><a class="reference internal" href="../swift/">Swift API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../adminops/">管理操作 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../api/">Python 接口</a></li>
<li class="toctree-l2"><a class="reference internal" href="../nfs/">通过 NFS 导出</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keystone/">与 OpenStack Keystone 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barbican/">与 OpenStack Barbican 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vault/">与 HashiCorp Vault 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../kmip/">与 KMIP 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../opa/">与 Open Policy Agent 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multitenancy/">多租户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../compression/">压缩</a></li>
<li class="toctree-l2"><a class="reference internal" href="../ldap-auth/">LDAP 认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../encryption/">服务器端加密</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucketpolicy/">桶策略</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dynamicresharding/">动态的桶索引重分片</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mfa/">多因子认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../sync-modules/">同步模块</a></li>
<li class="toctree-l2"><a class="reference internal" href="../notifications/">Bucket Notifications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../layout/">RADOS 中的数据布局</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STS/">STS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STSLite/">STS Lite</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keycloak/">Keycloak</a></li>
<li class="toctree-l2"><a class="reference internal" href="../session-tags/">Session Tags</a></li>
<li class="toctree-l2"><a class="reference internal" href="../role/">Role</a></li>
<li class="toctree-l2"><a class="reference internal" href="../orphans/">Orphan List and Associated Tooliing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../oidc/">OpenID Connect Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="../troubleshooting/">故障排除</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw/">radosgw 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw-admin/">radosgw-admin 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../qat-accel/">使用 QAT 为加密和压缩提速</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3select/">S3-select</a></li>
<li class="toctree-l2"><a class="reference internal" href="../lua-scripting/">Lua Scripting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../d3n_datacache/">D3N Data Cache</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cloud-transition/">Cloud Transition</a></li>
<li class="toctree-l2"><a class="reference internal" href="../metrics/">Metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../uadk-accel/">UADK Acceleration for Compression</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucket_logging/">桶的日志记录</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../monitoring/">监控概览</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../hardware-monitoring/">硬件监控</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <section id="id1">
<h1>管理指南<a class="headerlink" href="#id1" title="Permalink to this heading"></a></h1>
<p>你配置好 Ceph 对象存储服务并运行正常之后，就可以管理服务了，
有用户管理、访问控制、配额管理、和使用情况跟踪等功能。</p>
<section id="radosgw-user-management">
<span id="id2"></span><h2>用户管理<a class="headerlink" href="#radosgw-user-management" title="Permalink to this heading"></a></h2>
<p>Ceph 对象存储的用户管理指的是 Ceph 对象存储服务的用户（换句话说，
不是 Ceph 对象网关作为 Ceph 存储集群的一个用户）。你必须创建一个用户、
访问密钥和私钥，这样最终用户才能和 Ceph 对象网关服务交互。
为了便于管理，还可以选择让用户归属于 <a class="reference external" href="../account/">Accounts</a> 。</p>
<p>有两种用户类型：</p>
<ul class="simple">
<li><p><strong>用户:</strong> ‘user’ 这个术语反映的是 S3 接口的用户。</p></li>
<li><p><strong>子用户:</strong> ‘subuser’ 这个术语反映的是 Swift 接口的用户。子用户关联到了用户。</p></li>
</ul>
<p class="ditaa">
<img src="../../_images/ditaa-70a1f63b87f6ae6aa1e7beb9b901364d2df74bff.png"/>
</p>
<p>Users and subusers can be created, modified, viewed, suspended and removed.
you may add a Display names and an email addresses can be added to user
profiles. Keys and secrets can either be specified or generated automatically.
When generating or specifying keys, remember that user IDs correspond to S3 key
types and subuser IDs correspond to Swift key types.</p>
<p>Swift keys have access levels of <code class="docutils literal notranslate"><span class="pre">read</span></code>, <code class="docutils literal notranslate"><span class="pre">write</span></code>, <code class="docutils literal notranslate"><span class="pre">readwrite</span></code> and
<code class="docutils literal notranslate"><span class="pre">full</span></code>.</p>
<section id="id3">
<h3>创建用户<a class="headerlink" href="#id3" title="Permalink to this heading"></a></h3>
<p>To create a user (S3 interface), run a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><style type="text/css">
span.prompt1:before {
  content: "$ ";
}
</style><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>create<span class="w"> </span>--uid<span class="o">={</span>username<span class="o">}</span><span class="w"> </span>--display-name<span class="o">=</span><span class="s2">&quot;{display-name}&quot;</span><span class="w"> </span><span class="o">[</span>--email<span class="o">={</span>email<span class="o">}]</span></span>
</pre></div></div><p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>create<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--display-name<span class="o">=</span><span class="s2">&quot;John Doe&quot;</span><span class="w"> </span>--email<span class="o">=</span>john@example.com</span>
</pre></div></div><div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user_id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;display_name&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;John Doe&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;email&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;john@example.com&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;suspended&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;max_buckets&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">1000</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;subusers&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">        </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
<span class="w">          </span><span class="s2">&quot;access_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;11BS02LGFB6AL6H1ADMW&quot;</span><span class="p">,</span>
<span class="w">          </span><span class="s2">&quot;secret_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;vzCEkuryfn060dfee4fgQPqFrncKEIkh3ZcdOANY&quot;</span><span class="p">}],</span>
<span class="w">  </span><span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;caps&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;op_mask&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;read, write, delete&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;default_placement&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;placement_tags&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;bucket_quota&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;enabled&quot;</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_objects&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">},</span>
<span class="w">  </span><span class="s2">&quot;user_quota&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;enabled&quot;</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_objects&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">},</span>
<span class="w">  </span><span class="s2">&quot;temp_url_keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[]}</span>
</pre></div>
</div>
<p>The creation of a user entails the creation of an <code class="docutils literal notranslate"><span class="pre">access_key</span></code> and a
<code class="docutils literal notranslate"><span class="pre">secret_key</span></code> entry, which can be used with any S3 API-compatible client.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>Check the key output. Sometimes <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span></code> generates a
JSON escape (<code class="docutils literal notranslate"><span class="pre">\</span></code>) character, and some clients do not know how to handle
JSON escape characters. Remedies include removing the JSON escape character
(<code class="docutils literal notranslate"><span class="pre">\</span></code>), encapsulating the string in quotes, regenerating the key and
ensuring that it does not have a JSON escape character, or specifying the
key and secret manually.</p>
</div>
</section>
<section id="id4">
<h3>创建子用户<a class="headerlink" href="#id4" title="Permalink to this heading"></a></h3>
<p>要创建用户的子用户（ Swift 接口），必须指定用户 ID （
<code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code> ）、子用户 ID 和这个子用户的访问级别。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>subuser<span class="w"> </span>create<span class="w"> </span>--uid<span class="o">={</span>uid<span class="o">}</span><span class="w"> </span>--subuser<span class="o">={</span>uid<span class="o">}</span><span class="w"> </span>--access<span class="o">=[</span><span class="w"> </span><span class="nb">read</span><span class="w"> </span><span class="p">|</span><span class="w"> </span>write<span class="w"> </span><span class="p">|</span><span class="w"> </span>readwrite<span class="w"> </span><span class="p">|</span><span class="w"> </span>full<span class="w"> </span><span class="o">]</span></span>
</pre></div></div><p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>subuser<span class="w"> </span>create<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--subuser<span class="o">=</span>johndoe:swift<span class="w"> </span>--access<span class="o">=</span>full</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p><code class="docutils literal notranslate"><span class="pre">full</span></code> 和 <code class="docutils literal notranslate"><span class="pre">readwrite</span></code> 不一样。 <code class="docutils literal notranslate"><span class="pre">full</span></code> 访问级别包括
<code class="docutils literal notranslate"><span class="pre">read</span></code> 和 <code class="docutils literal notranslate"><span class="pre">write</span></code> ，而且还包括访问控制策略。</p>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user_id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;display_name&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;John Doe&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;email&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;john@example.com&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;suspended&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;max_buckets&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">1000</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;subusers&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">        </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;johndoe:swift&quot;</span><span class="p">,</span>
<span class="w">          </span><span class="s2">&quot;permissions&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
<span class="w">  </span><span class="s2">&quot;keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">        </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;johndoe&quot;</span><span class="p">,</span>
<span class="w">          </span><span class="s2">&quot;access_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;11BS02LGFB6AL6H1ADMW&quot;</span><span class="p">,</span>
<span class="w">          </span><span class="s2">&quot;secret_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;vzCEkuryfn060dfee4fgQPqFrncKEIkh3ZcdOANY&quot;</span><span class="p">}],</span>
<span class="w">  </span><span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;caps&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;op_mask&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;read, write, delete&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;default_placement&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;placement_tags&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[],</span>
<span class="w">  </span><span class="s2">&quot;bucket_quota&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;enabled&quot;</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_objects&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">},</span>
<span class="w">  </span><span class="s2">&quot;user_quota&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;enabled&quot;</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_size_kb&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;max_objects&quot;</span><span class="o">:</span><span class="w"> </span><span class="o">-</span><span class="mf">1</span><span class="p">},</span>
<span class="w">  </span><span class="s2">&quot;temp_url_keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[]}</span>
</pre></div>
</div>
</section>
<section id="id5">
<h3>获取用户信息<a class="headerlink" href="#id5" title="Permalink to this heading"></a></h3>
<p>要获取某一用户的信息，可指定 <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">info</span></code> 和用户 ID （ <code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code> ）。
执行下列命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>info<span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div></section>
<section id="id6">
<h3>修改用户信息<a class="headerlink" href="#id6" title="Permalink to this heading"></a></h3>
<p>To modify information about a user, specify the user ID (<code class="docutils literal notranslate"><span class="pre">--uid={username}</span></code>)
and the attributes that you want to modify. Typical modifications are made to
keys and secrets, email addresses, display names, and access levels. Use a
command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>modify<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--display-name<span class="o">=</span><span class="s2">&quot;John E. Doe&quot;</span></span>
</pre></div></div><p>To modify subuser values, specify <code class="docutils literal notranslate"><span class="pre">subuser</span> <span class="pre">modify</span></code>, user ID and the subuser
ID. Use a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>subuser<span class="w"> </span>modify<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--subuser<span class="o">=</span>johndoe:swift<span class="w"> </span>--access<span class="o">=</span>full</span>
</pre></div></div></section>
<section id="user-suspend">
<h3>User Suspend<a class="headerlink" href="#user-suspend" title="Permalink to this heading"></a></h3>
<p>When a user is created, the user is enabled by default. However, it is possible
to suspend user privileges and to re-enable them at a later time. To suspend a
user, specify <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">suspend</span></code> and the user ID in a command of the following
form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span><span class="nb">suspend</span><span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div></section>
<section id="user-enable">
<h3>User Enable<a class="headerlink" href="#user-enable" title="Permalink to this heading"></a></h3>
<p>To re-enable a suspended user, provide <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">enable</span></code> and specify the user ID
in a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>Disabling the user also disables any subusers.</p>
</div>
</section>
<section id="id7">
<h3>删除用户<a class="headerlink" href="#id7" title="Permalink to this heading"></a></h3>
<p>删除用户时，这个用户以及他的子用户都会被删除。</p>
<p>可以只删除子用户。
It is possible to remove a subuser without removing its associated user. This
is covered in the section called <a class="reference internal" href="#radosgw-admin-remove-a-subuser"><span class="std std-ref">Remove a Subuser</span></a>.</p>
<p>要删除用户（及其子用户），可指定 <code class="docutils literal notranslate"><span class="pre">user</span> <span class="pre">rm</span></code> 和用户 ID ：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>rm<span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div><p>选项有：</p>
<ul class="simple">
<li><p><strong>清除数据：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-data</span></code> 选项可清除与此 UID 相关的所有数据。</p></li>
<li><p><strong>清除密钥：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-keys</span></code> 选项可清除与此 UID 相关的所有密钥。</p></li>
</ul>
</section>
<section id="radosgw-admin-remove-a-subuser">
<span id="id8"></span><h3>删除子用户<a class="headerlink" href="#radosgw-admin-remove-a-subuser" title="Permalink to this heading"></a></h3>
<p>你删除子用户的同时，也失去了 Swift 接口的访问方式，但是这个用户还在系统中存在。</p>
<p>要删除子用户，可指定 <code class="docutils literal notranslate"><span class="pre">subuser</span> <span class="pre">rm</span></code> 及子用户 ID ：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>subuser<span class="w"> </span>rm<span class="w"> </span>--subuser<span class="o">=</span>johndoe:swift</span>
</pre></div></div><p>选项有：</p>
<ul class="simple">
<li><p><strong>清除密钥：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--purge-keys</span></code> 选项可清除与此 UID 相关的所有密钥。</p></li>
</ul>
</section>
<section id="id9">
<h3>增加、删除密钥<a class="headerlink" href="#id9" title="Permalink to this heading"></a></h3>
<p>用户和子用户都必须有密钥才能访问 S3 或 Swift 接口。用 S3 访问时，用户需要一个由访问密钥和私钥组成的密钥对；而用 Swift 访问时，通常只需要一个私钥（密码），并且要和相关的用户 ID 一起用才行。你可以创建密钥，并指定或生成访问密钥和/或私钥；也可以删除密钥。相关选项有：</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">--key-type=&lt;type&gt;</span></code> 指定密钥类型，选项有： s3 、 swift ；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--access-key=&lt;key&gt;</span></code> 手动指定 S3 的访问密钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--secret-key=&lt;key&gt;</span></code> 手动指定 S3 私钥或者 Swift 私钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--gen-access-key</span></code> 自动生成随机的 S3 访问密钥；</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--gen-secret</span></code> 自动生成一个随机的 S3 私钥或随机的 Swift 私钥。</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">--generate-key</span></code> create user with or without credentials. If sets to false, then user cannot set <code class="docutils literal notranslate"><span class="pre">gen-secret/gen-access-key/access-key/secret-key</span></code></p></li>
</ul>
<section id="adding-s3-keys">
<h4>Adding S3 keys<a class="headerlink" href="#adding-s3-keys" title="Permalink to this heading"></a></h4>
<p>给用户人为指定 S3 密钥对的实例如下：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>key<span class="w"> </span>create<span class="w"> </span>--uid<span class="o">=</span>foo<span class="w"> </span>--key-type<span class="o">=</span>s3<span class="w"> </span>--access-key<span class="w"> </span>fooAccessKey<span class="w"> </span>--secret-key<span class="w"> </span>fooSecretKey</span>
</pre></div></div><div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user_id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;display_name&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;email&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;suspended&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">    </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;access_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;fooAccessKey&quot;</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;secret_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;fooSecretKey&quot;</span><span class="p">}],</span>
<span class="p">}</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>你可以给一个用户创建多个 S3 密钥对。</p>
</div>
</section>
<section id="adding-swift-secret-keys">
<h4>Adding Swift secret keys<a class="headerlink" href="#adding-swift-secret-keys" title="Permalink to this heading"></a></h4>
<p>给一个子用户配置指定的 swift 私钥：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>key<span class="w"> </span>create<span class="w"> </span>--subuser<span class="o">=</span>foo:bar<span class="w"> </span>--key-type<span class="o">=</span>swift<span class="w"> </span>--secret-key<span class="w"> </span>barSecret</span>
</pre></div></div><div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user_id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;display_name&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;email&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;suspended&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;subusers&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">     </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
<span class="w">       </span><span class="s2">&quot;permissions&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
<span class="w">  </span><span class="s2">&quot;swift_keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">    </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;secret_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;asfghjghghmgm&quot;</span><span class="p">}]}</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>一个子用户只能有一个 swift 私钥。</p>
</div>
</section>
<section id="associating-subusers-with-s3-key-pairs">
<h4>Associating subusers with S3 key pairs<a class="headerlink" href="#associating-subusers-with-s3-key-pairs" title="Permalink to this heading"></a></h4>
<p>如果将子用户与 S3 密钥对关联，那么这些子用户也能用于 S3 API ，执行下列命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>key<span class="w"> </span>create<span class="w"> </span>--subuser<span class="o">=</span>foo:bar<span class="w"> </span>--key-type<span class="o">=</span>s3<span class="w"> </span>--access-key<span class="w"> </span>barAccessKey<span class="w"> </span>--secret-key<span class="w"> </span>barSecretKey</span>
</pre></div></div><div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span>
</pre></div>
</div>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user_id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;rados_uid&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;display_name&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;email&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo@example.com&quot;</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;suspended&quot;</span><span class="o">:</span><span class="w"> </span><span class="mf">0</span><span class="p">,</span>
<span class="w">  </span><span class="s2">&quot;subusers&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">     </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;id&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
<span class="w">       </span><span class="s2">&quot;permissions&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;full-control&quot;</span><span class="p">}],</span>
<span class="w">  </span><span class="s2">&quot;keys&quot;</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w">    </span><span class="p">{</span><span class="w"> </span><span class="s2">&quot;user&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;foo:bar&quot;</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;access_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;barAccessKey&quot;</span><span class="p">,</span>
<span class="w">      </span><span class="s2">&quot;secret_key&quot;</span><span class="o">:</span><span class="w"> </span><span class="s2">&quot;barSecretKey&quot;</span><span class="p">}],</span>
<span class="p">}</span>
</pre></div>
</div>
</section>
<section id="removing-s3-key-pairs">
<h4>Removing S3 key pairs<a class="headerlink" href="#removing-s3-key-pairs" title="Permalink to this heading"></a></h4>
<p>要删除一个 S3 密钥对，需指定访问密钥。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>key<span class="w"> </span>rm<span class="w"> </span>--uid<span class="o">=</span>foo<span class="w"> </span>--key-type<span class="o">=</span>s3<span class="w"> </span>--access-key<span class="o">=</span>fooAccessKey</span>
</pre></div></div></section>
<section id="removing-swift-secret-keys">
<h4>Removing Swift secret keys<a class="headerlink" href="#removing-swift-secret-keys" title="Permalink to this heading"></a></h4>
<p>删除 swift 私钥。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>key<span class="w"> </span>rm<span class="w"> </span>--subuser<span class="o">=</span>foo:bar<span class="w"> </span>--key-type<span class="o">=</span>swift</span>
</pre></div></div></section>
</section>
<section id="id10">
<h3>增加、删除管理能力<a class="headerlink" href="#id10" title="Permalink to this heading"></a></h3>
<p>Ceph 存储集群提供了一个管理 API ，用户可以通过 REST API 使用管理功能。默认情况下，用户<strong>无权</strong>访问这个 API ，给用户分配管理能力后，他才能使用管理功能。</p>
<p>要给用户分配管理能力，执行下列命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>caps<span class="w"> </span>add<span class="w"> </span>--uid<span class="o">={</span>uid<span class="o">}</span><span class="w"> </span>--caps<span class="o">={</span>caps<span class="o">}</span></span>
</pre></div></div><p>你可以给 users 、 buckets 、 metadata 和 usage （利用率）分配
read 、 write 或 all 能力，例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">--caps<span class="o">=</span><span class="s2">&quot;[users|buckets|metadata|usage|zone|amz-cache|info|bilog|mdlog|datalog|user-policy|oidc-provider|roles|ratelimit|user-info-without-keys]=[\*|read|write|read, write]&quot;</span></span>
</pre></div></div><p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>caps<span class="w"> </span>add<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--caps<span class="o">=</span><span class="s2">&quot;users=*;buckets=*&quot;</span></span>
</pre></div></div><p>要删除某用户的管理能力，可用下面的命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>caps<span class="w"> </span>rm<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--caps<span class="o">={</span>caps<span class="o">}</span></span>
</pre></div></div></section>
</section>
<section id="id11">
<h2>配额管理<a class="headerlink" href="#id11" title="Permalink to this heading"></a></h2>
<p>Ceph 对象网关允许你给用户及其拥有的桶设置配额，可设置的配额有桶内的最大对象数、和桶可以存储的最大数据尺寸。</p>
<ul class="simple">
<li><p><strong>桶：</strong> 加 <code class="docutils literal notranslate"><span class="pre">--bucket</span></code> 选项说明配额操作作用于用户拥有的桶。</p></li>
<li><p><strong>最大对象数：</strong> <code class="docutils literal notranslate"><span class="pre">--max-objects</span></code> 选项用于指定最大对象数，负值表示禁用此配置。</p></li>
<li><p><strong>最大尺寸：</strong> <code class="docutils literal notranslate"><span class="pre">--max-size</span></code> 选项用于指定配额尺寸，单位是 B/K/M/G/T ，默认值为 B 。负值表示禁用此配置。</p></li>
<li><p><strong>配额作用域：</strong> <code class="docutils literal notranslate"><span class="pre">--quota-scope</span></code> 参数可指定配额的作用域，可选的有 <code class="docutils literal notranslate"><span class="pre">bucket</span></code> 和 <code class="docutils literal notranslate"><span class="pre">user</span></code> 。桶配额作用于用户拥有的桶；用户配额作用于用户。</p></li>
</ul>
<section id="id12">
<h3>设置用户配额<a class="headerlink" href="#id12" title="Permalink to this heading"></a></h3>
<p>启用配额前，必须先配置配额参数。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--quota-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;<span class="w"> </span><span class="o">[</span>--max-objects<span class="o">=</span>&lt;num<span class="w"> </span>objects&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-size<span class="o">=</span>&lt;max<span class="w"> </span>size&gt;<span class="o">]</span></span>
</pre></div></div><p>例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--quota-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--max-objects<span class="o">=</span><span class="m">1024</span><span class="w"> </span>--max-size<span class="o">=</span>1024B</span>
</pre></div></div><p><code class="docutils literal notranslate"><span class="pre">--max-objects</span></code> 或 <code class="docutils literal notranslate"><span class="pre">--max-size</span></code> 的参数为负值时，表示禁用这种配额属性。</p>
</section>
<section id="id13">
<h3>启用或禁用用户配额<a class="headerlink" href="#id13" title="Permalink to this heading"></a></h3>
<p>设置好用户配额后就可以启用了。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--quota-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div><p>你也可以关闭已启用的用户配额功能。例如：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span>disable<span class="w"> </span>--quota-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div></section>
<section id="id14">
<h3>设置桶配额<a class="headerlink" href="#id14" title="Permalink to this heading"></a></h3>
<p>Bucket quotas apply to the buckets owned by the specified <code class="docutils literal notranslate"><span class="pre">uid</span></code>. They are
independent of the user. To set a bucket quota, run a command of the following
form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;<span class="w"> </span>--quota-scope<span class="o">=</span>bucket<span class="w"> </span><span class="o">[</span>--max-objects<span class="o">=</span>&lt;num<span class="w"> </span>objects&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-size<span class="o">=</span>&lt;max<span class="w"> </span>size<span class="o">]</span></span>
</pre></div></div><p>A negative value for <code class="docutils literal notranslate"><span class="pre">--max-objects</span></code> or <code class="docutils literal notranslate"><span class="pre">--max-size</span></code> means that the
specific quota attribute is disabled.</p>
</section>
<section id="id15">
<h3>启用、禁用桶配额<a class="headerlink" href="#id15" title="Permalink to this heading"></a></h3>
<p>设置好桶配额后，必须启用才能生效。启用桶配额用下面的命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--quota-scope<span class="o">=</span>bucket<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div><p>要禁用一个已经启用的桶配额，按下列格式运行命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>quota<span class="w"> </span>disable<span class="w"> </span>--quota-scope<span class="o">=</span>bucket<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div></section>
<section id="id16">
<h3>查看配额配置信息<a class="headerlink" href="#id16" title="Permalink to this heading"></a></h3>
<p>You may access each user’s quota settings via the user information
API. To read user quota setting information with the CLI interface,
execute the following:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>info<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div></section>
<section id="id17">
<h3>更新配额统计信息<a class="headerlink" href="#id17" title="Permalink to this heading"></a></h3>
<p>Quota stats are updated asynchronously. You can update quota statistics for all
users and all buckets manually to force an update of the latest quota stats. To
update quota statistics for all users and all buckets in order to retrieve the
latest quota statistics, run a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>stats<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;<span class="w"> </span>--sync-stats</span>
</pre></div></div></section>
<section id="rgw-user-usage-stats">
<span id="id18"></span><h3>查看用户使用情况的统计信息<a class="headerlink" href="#rgw-user-usage-stats" title="Permalink to this heading"></a></h3>
<p>查看用户已经消耗了多少配额可以用下列命令：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>user<span class="w"> </span>stats<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>你可以用 <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">user</span> <span class="pre">stats</span></code> 命令，加上
<code class="docutils literal notranslate"><span class="pre">--sync-stats</span></code> 选项来获取最新数据。</p>
</div>
</section>
<section id="id19">
<h3>默认配额<a class="headerlink" href="#id19" title="Permalink to this heading"></a></h3>
<p>你可以在配置文件里设置默认配额，新增用户会采用这些默认值，而已经存在的用户不受影响。如果相关的默认配额是写在配置文件里的，那么这些配额会分配给新用户，并对其启用配额管理功能。请参考
<a class="reference external" href="../config-ref/">Ceph 对象网关配置参考</a>里的 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">bucket</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">objects</span></code> 、
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">bucket</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">size</span></code> 、 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">objects</span></code>
和 <code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">user</span> <span class="pre">default</span> <span class="pre">quota</span> <span class="pre">max</span> <span class="pre">size</span></code> 。</p>
</section>
<section id="id20">
<h3>配额缓存<a class="headerlink" href="#id20" title="Permalink to this heading"></a></h3>
<p>配额统计信息缓存在各个 RGW 例程内。如果有多个例程，这些缓存就会妨碍配额的完整施行，因为各例程可能持有不同的配额信息。</p>
<p>控制此行为的选项有：</p>
<p><a class="reference internal" href="../config-ref/#confval-rgw_bucket_quota_ttl"><code class="xref std std-confval docutils literal notranslate"><span class="pre">rgw_bucket_quota_ttl</span></code></a>
<a class="reference internal" href="../config-ref/#confval-rgw_user_quota_bucket_sync_interval"><code class="xref std std-confval docutils literal notranslate"><span class="pre">rgw_user_quota_bucket_sync_interval</span></code></a>
<a class="reference internal" href="../config-ref/#confval-rgw_user_quota_sync_interval"><code class="xref std std-confval docutils literal notranslate"><span class="pre">rgw_user_quota_sync_interval</span></code></a></p>
<p>这些值设置得越高，配额操作越高效，
但是多个例程也会变得更不同步；
这些值设置得越低，多个例程就越接近完整地施行配额。</p>
<p>如果三者都是 <code class="docutils literal notranslate"><span class="pre">0</span></code> ，那就意味着配额缓存被禁用了，
这样多个例程就会完整地施行配额。
请参考<a class="reference external" href="../config-ref/">Ceph 对象网关配置参考</a>。</p>
</section>
<section id="id21">
<h3>读取、写入全局配额<a class="headerlink" href="#id21" title="Permalink to this heading"></a></h3>
<p>你可以在 period 配置中读取或写入全局配额设置，查看全局配额配置可以用：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>quota<span class="w"> </span>get</span>
</pre></div></div><p>全局配额选项可以用 <code class="docutils literal notranslate"><span class="pre">global</span> <span class="pre">quota</span></code> 系列命令修改，如
<code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">set</span></code> 、 <code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">enable</span></code> 和 <code class="docutils literal notranslate"><span class="pre">quota</span> <span class="pre">disable</span></code> 命令。</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>quota<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--quota-scope<span class="w"> </span>bucket<span class="w"> </span>--max-objects<span class="w"> </span><span class="m">1024</span></span>
<span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>quota<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--quota-scope<span class="w"> </span>bucket</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>多站配置方案中有 realm 和 period ，改变全局配额后，必须用 <code class="docutils literal notranslate"><span class="pre">period</span> <span class="pre">update</span> <span class="pre">--commit</span></code> 提交变更。如果压根没有
period ，必须重启网关，以使变更生效。</p>
</div>
</section>
</section>
<section id="rate-limit-management">
<h2>Rate Limit Management<a class="headerlink" href="#rate-limit-management" title="Permalink to this heading"></a></h2>
<p>Quotas can be set for The Ceph Object Gateway on users and buckets. The “rate
limit” includes the maximum number of read operations (read ops) and write
operations (write ops) per minute as well as the number of bytes per minute
that can be written or read per user or per bucket.</p>
<section id="read-requests-and-write-requests">
<h3>Read Requests and Write Requests<a class="headerlink" href="#read-requests-and-write-requests" title="Permalink to this heading"></a></h3>
<p>Operations that use the <code class="docutils literal notranslate"><span class="pre">GET</span></code> method or the <code class="docutils literal notranslate"><span class="pre">HEAD</span></code> method in their REST
requests are “read requests”. All other requests are “write requests”.</p>
</section>
<section id="how-metrics-work">
<h3>How Metrics Work<a class="headerlink" href="#how-metrics-work" title="Permalink to this heading"></a></h3>
<p>Each object gateway tracks per-user metrics separately from bucket metrics.
These metrics are not shared with other gateways. The configured limits should
be divided by the number of active object gateways. For example, if “user A” is
to be be limited to 10 ops per minute and there are two object gateways in the
cluster, then the limit on “user A” should be <code class="docutils literal notranslate"><span class="pre">5</span></code> (10 ops per minute / 2
RGWs). If the requests are <strong>not</strong> balanced between RGWs, the rate limit might
be underutilized. For example: if the ops limit is <code class="docutils literal notranslate"><span class="pre">5</span></code> and there are two
RGWs, <strong>but</strong> the Load Balancer sends load to only one of those RGWs, the
effective limit is 5 ops, because this limit is enforced per RGW. If the rate
limit that has been set for the bucket has been reached but the rate limit that
has been set for the user has not been reached, then the request is cancelled.
The contrary holds as well: if the rate limit that has been set for the user
has been reached but the rate limit that has been set for the bucket has not
been reached, then the request is cancelled.</p>
<p>The accounting of bandwidth happens only after a request has been accepted.
This means that requests will proceed even if the bucket rate limit or user
rate limit is reached during the execution of the request. The RGW keeps track
of a “debt” consisting of bytes used in excess of the configured value; users
or buckets that incur this kind of debt are prevented  from sending more
requests until the “debt” has been repaid. The maximum size of the “debt” is
twice the max-read/write-bytes per minute. If “user A” is subject to a 1-byte
read limit per minute and they attempt to GET an object that is 1 GB in size,
then the <code class="docutils literal notranslate"><span class="pre">GET</span></code> action will fail. After “user A” has completed this 1 GB
operation, RGW blocks the user’s requests for up to two minutes. After this
time has elapsed, “user A” will be able to send <code class="docutils literal notranslate"><span class="pre">GET</span></code> requests again.</p>
<ul class="simple">
<li><p><strong>Bucket:</strong> The <code class="docutils literal notranslate"><span class="pre">--bucket</span></code> option allows you to specify a rate limit for a
bucket.</p></li>
<li><p><strong>User:</strong> The <code class="docutils literal notranslate"><span class="pre">--uid</span></code> option allows you to specify a rate limit for a
user.</p></li>
<li><p><strong>Maximum Read Ops:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code> setting allows you to limit read
bytes per minute per RGW instance. A <code class="docutils literal notranslate"><span class="pre">0</span></code> value disables throttling.</p></li>
<li><p><strong>Maximum Read Bytes:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code> setting allows you to limit
read bytes per minute per RGW instance. A <code class="docutils literal notranslate"><span class="pre">0</span></code> value disables throttling.</p></li>
<li><p><strong>Maximum Write Ops:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code> setting allows you to specify
the maximum number of write ops per minute per RGW instance. A <code class="docutils literal notranslate"><span class="pre">0</span></code> value
disables throttling.</p></li>
<li><p><strong>Maximum Write Bytes:</strong> The <code class="docutils literal notranslate"><span class="pre">--max-write-bytes</span></code> setting allows you to
specify the maximum number of write bytes per minute per RGW instance. A
<code class="docutils literal notranslate"><span class="pre">0</span></code> value disables throttling.</p></li>
<li><p><strong>Rate Limit Scope:</strong> The <code class="docutils literal notranslate"><span class="pre">--ratelimit-scope</span></code> option sets the scope for the
rate limit.  The options are <code class="docutils literal notranslate"><span class="pre">bucket</span></code> , <code class="docutils literal notranslate"><span class="pre">user</span></code> and <code class="docutils literal notranslate"><span class="pre">anonymous</span></code>. Bucket
rate limit apply to buckets.  The user rate limit applies to a user.  The
<code class="docutils literal notranslate"><span class="pre">anonymous</span></code> option applies to an unauthenticated user. Anonymous scope is
available only for global rate limit.</p></li>
</ul>
</section>
<section id="set-user-rate-limit">
<h3>Set User Rate Limit<a class="headerlink" href="#set-user-rate-limit" title="Permalink to this heading"></a></h3>
<p>Before you can enable a rate limit, you must first set the rate limit
parameters. The following is the general form of commands that set rate limit
parameters:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
<span class="prompt1">&lt;<span class="o">[</span>--max-read-ops<span class="o">=</span>&lt;num<span class="w"> </span>ops&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-read-bytes<span class="o">=</span>&lt;num<span class="w"> </span>bytes&gt;<span class="o">]</span></span>
<span class="prompt1"><span class="o">[</span>--max-write-ops<span class="o">=</span>&lt;num<span class="w"> </span>ops&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-write-bytes<span class="o">=</span>&lt;num<span class="w"> </span>bytes&gt;<span class="o">]</span>&gt;</span>
</pre></div></div><p>An example of using <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">set</span></code> to set a rate limit might
look like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--max-read-ops<span class="o">=</span><span class="m">1024</span><span class="w"> </span>--max-write-bytes<span class="o">=</span><span class="m">10240</span></span>
</pre></div></div><p>A value of <code class="docutils literal notranslate"><span class="pre">0</span></code> assigned to <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code>, <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code>,
<code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code>, or <code class="docutils literal notranslate"><span class="pre">--max-write-bytes</span></code> disables the specified rate
limit.</p>
</section>
<section id="get-user-rate-limit">
<h3>Get User Rate Limit<a class="headerlink" href="#get-user-rate-limit" title="Permalink to this heading"></a></h3>
<p>The <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">get</span></code> command returns the currently configured
rate limit parameters.</p>
<p>The following is the general form of the command that returns the current
configured limit parameters:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>get<span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div><p>An example of using <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">get</span></code> to return the rate limit
parameters might look like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>get<span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div><p>A value of <code class="docutils literal notranslate"><span class="pre">0</span></code> assigned to <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code>, <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code>,
<code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code>, or <code class="docutils literal notranslate"><span class="pre">--max-write-bytes</span></code> disables the specified rate
limit.</p>
</section>
<section id="enable-disable-user-rate-limit">
<h3>Enable/Disable User Rate Limit<a class="headerlink" href="#enable-disable-user-rate-limit" title="Permalink to this heading"></a></h3>
<p>After you have set a user rate limit, you must enable it in order for it to
take effect. Run a command of the following form to enable a user rate limit:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>&lt;uid&gt;</span>
</pre></div></div><p>To disable an enabled user rate limit, run a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>disable<span class="w"> </span>--ratelimit-scope<span class="o">=</span>user<span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
</pre></div></div></section>
<section id="set-bucket-rate-limit">
<h3>Set Bucket Rate Limit<a class="headerlink" href="#set-bucket-rate-limit" title="Permalink to this heading"></a></h3>
<p>Before you enable a rate limit, you must first set the rate limit parameters.
The following is the general form of commands that set rate limit parameters:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1"><span class="w"> </span>radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--bucket<span class="o">=</span>&lt;bucket&gt;<span class="w"> </span>&lt;<span class="o">[</span>--max-read-ops<span class="o">=</span>&lt;num<span class="w"> </span>ops&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-read-bytes<span class="o">=</span>&lt;num<span class="w"> </span>bytes&gt;<span class="o">]</span></span>
<span class="prompt1"><span class="o">[</span>--max-write-ops<span class="o">=</span>&lt;num<span class="w"> </span>ops&gt;<span class="o">]</span><span class="w"> </span><span class="o">[</span>--max-write-bytes<span class="o">=</span>&lt;num<span class="w"> </span>bytes&gt;<span class="o">]</span>&gt;</span>
</pre></div></div><p>An example of using <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">set</span></code> to set a rate limit for a
bucket might look like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--bucket<span class="o">=</span>mybucket<span class="w"> </span>--max-read-ops<span class="o">=</span><span class="m">1024</span><span class="w"> </span>--max-write-bytes<span class="o">=</span><span class="m">10240</span></span>
</pre></div></div><p>A value of <code class="docutils literal notranslate"><span class="pre">0</span></code> assigned to <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code>, <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code>,
<code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code>, or <code class="docutils literal notranslate"><span class="pre">-max-write-bytes</span></code> disables the specified bucket rate
limit.</p>
</section>
<section id="get-bucket-rate-limit">
<h3>Get Bucket Rate Limit<a class="headerlink" href="#get-bucket-rate-limit" title="Permalink to this heading"></a></h3>
<p>The <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">get</span></code> command returns the current configured rate
limit parameters.</p>
<p>The following is the general form of the command that returns the current
configured limit parameters:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>get<span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--bucket<span class="o">=</span>&lt;bucket&gt;</span>
</pre></div></div><p>An example of using <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">get</span></code> to return the rate limit
parameters for a bucket might look like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>get<span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--bucket<span class="o">=</span>mybucket</span>
</pre></div></div><p>A value of <code class="docutils literal notranslate"><span class="pre">0</span></code> assigned to <code class="docutils literal notranslate"><span class="pre">--max-read-ops</span></code>, <code class="docutils literal notranslate"><span class="pre">--max-read-bytes</span></code>,
<code class="docutils literal notranslate"><span class="pre">--max-write-ops</span></code>, or <code class="docutils literal notranslate"><span class="pre">--max-write-bytes</span></code> disables the specified rate
limit.</p>
</section>
<section id="enable-and-disable-bucket-rate-limit">
<h3>Enable and Disable Bucket Rate Limit<a class="headerlink" href="#enable-and-disable-bucket-rate-limit" title="Permalink to this heading"></a></h3>
<p>After you set a bucket rate limit, you can enable it. The following is the
general form of the <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">ratelimit</span> <span class="pre">enable</span></code> command that enables
bucket rate limits:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--bucket<span class="o">=</span>&lt;bucket&gt;</span>
</pre></div></div><p>An enabled bucket rate limit can be disabled by running a command of the following form:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>ratelimit<span class="w"> </span>disable<span class="w"> </span>--ratelimit-scope<span class="o">=</span>bucket<span class="w"> </span>--uid<span class="o">=</span>mybucket</span>
</pre></div></div></section>
<section id="reading-and-writing-global-rate-limit-configuration">
<h3>Reading and Writing Global Rate Limit Configuration<a class="headerlink" href="#reading-and-writing-global-rate-limit-configuration" title="Permalink to this heading"></a></h3>
<p>You can read and write global rate limit settings in the period’s configuration.
To view the global rate limit settings, run the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span>get</span>
</pre></div></div><p>The global rate limit settings can be manipulated with the <code class="docutils literal notranslate"><span class="pre">global</span> <span class="pre">ratelimit</span></code>
counterparts of the <code class="docutils literal notranslate"><span class="pre">ratelimit</span> <span class="pre">set</span></code>, <code class="docutils literal notranslate"><span class="pre">ratelimit</span> <span class="pre">enable</span></code>, and <code class="docutils literal notranslate"><span class="pre">ratelimit</span>
<span class="pre">disable</span></code> commands. Per-user and per-bucket ratelimit configurations override
the global configuration:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="w"> </span>bucket<span class="w"> </span>--max-read-ops<span class="o">=</span><span class="m">1024</span></span>
<span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--ratelimit-scope<span class="w"> </span>bucket</span>
</pre></div></div><p>The global rate limit can be used to configure the scope of the rate limit for
all authenticated users:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="w"> </span>user<span class="w"> </span>--max-read-ops<span class="o">=</span><span class="m">1024</span></span>
<span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--ratelimit-scope<span class="w"> </span>user</span>
</pre></div></div><p>The global rate limit can be used to configure the scope of the rate limit for
all unauthenticated users:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">set</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>anonymous<span class="w"> </span>--max-read-ops<span class="o">=</span><span class="m">1024</span></span>
<span class="prompt1">radosgw-admin<span class="w"> </span>global<span class="w"> </span>ratelimit<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--ratelimit-scope<span class="o">=</span>anonymous</span>
</pre></div></div><div class="admonition note">
<p class="admonition-title">Note</p>
<p>In a multisite configuration where a realm and a period are present,
any changes to the global rate limit must be committed using <code class="docutils literal notranslate"><span class="pre">period</span> <span class="pre">update</span>
<span class="pre">--commit</span></code>. If no period is present, the rados gateway(s) must be restarted
for the changes to take effect.</p>
</div>
</section>
</section>
<section id="id22">
<h2>使用情况<a class="headerlink" href="#id22" title="Permalink to this heading"></a></h2>
<p>Ceph 对象网关会记录每个用户的使用情况，
你可以跟踪查看某段时间内每个用户的使用情况。</p>
<ul>
<li><p>需要在 <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> 的 <code class="docutils literal notranslate"><span class="pre">[client.rgw]</span></code> 段下加
<code class="docutils literal notranslate"><span class="pre">rgw</span> <span class="pre">enable</span> <span class="pre">usage</span> <span class="pre">log</span> <span class="pre">=</span> <span class="pre">true</span></code> 配置，然后重启 <code class="docutils literal notranslate"><span class="pre">radosgw</span></code> 服务。</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Until Ceph has a linkable macro that handles all the many ways that options can be set, we advise that you set <code class="docutils literal notranslate"><span class="pre">rgw_enable_usage_log</span> <span class="pre">=</span> <span class="pre">true</span></code> in central config or in <code class="docutils literal notranslate"><span class="pre">ceph.conf</span></code> and restart all RGWs.</p>
</div>
</li>
</ul>
<p>选项有：</p>
<ul class="simple">
<li><p><strong>Start Date:</strong> The <code class="docutils literal notranslate"><span class="pre">--start-date</span></code> option allows you to filter usage
stats from a specified start date and an optional start time
(<strong>format:</strong> <code class="docutils literal notranslate"><span class="pre">yyyy-mm-dd</span> <span class="pre">[HH:MM:SS]</span></code>).</p></li>
<li><p><strong>End Date:</strong> The <code class="docutils literal notranslate"><span class="pre">--end-date</span></code> option allows you to filter usage up
to a particular end date and an optional end time
(<strong>format:</strong> <code class="docutils literal notranslate"><span class="pre">yyyy-mm-dd</span> <span class="pre">[HH:MM:SS]</span></code>).</p></li>
<li><p><strong>Log Entries:</strong> The <code class="docutils literal notranslate"><span class="pre">--show-log-entries</span></code> option allows you to specify
whether to include log entries with the usage stats
(options: <code class="docutils literal notranslate"><span class="pre">true</span></code> | <code class="docutils literal notranslate"><span class="pre">false</span></code>).</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>You can specify time to a precision of minutes and seconds, but the
specified time is stored only with a one-hour resolution.</p>
</div>
<section id="id23">
<h3>查看使用情况<a class="headerlink" href="#id23" title="Permalink to this heading"></a></h3>
<p>To show usage statistics, use the <code class="docutils literal notranslate"><span class="pre">radosgw-admin</span> <span class="pre">usage</span> <span class="pre">show</span></code> command. To show
usage for a particular user, you must specify a user ID. You can also specify a
start date, end date, and whether to show log entries. The following is an example
of such a command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>usage<span class="w"> </span>show<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--start-date<span class="o">=</span><span class="m">2012</span>-03-01<span class="w"> </span>--end-date<span class="o">=</span><span class="m">2012</span>-04-01</span>
</pre></div></div><p>You can show a summary of usage information for all users by omitting the user
ID, as in the following example command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>usage<span class="w"> </span>show<span class="w"> </span>--show-log-entries<span class="o">=</span><span class="nb">false</span></span>
</pre></div></div></section>
<section id="id24">
<h3>清理统计日志<a class="headerlink" href="#id24" title="Permalink to this heading"></a></h3>
<p>Usage logs can consume significant storage space, especially over time and with
heavy use. You can trim the usage logs for all users and for specific users.
You can also specify date ranges for trim operations, as in the following
example commands:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span class="prompt1">radosgw-admin<span class="w"> </span>usage<span class="w"> </span>trim<span class="w"> </span>--start-date<span class="o">=</span><span class="m">2010</span>-01-01<span class="w"> </span>--end-date<span class="o">=</span><span class="m">2010</span>-12-31</span>
<span class="prompt1">radosgw-admin<span class="w"> </span>usage<span class="w"> </span>trim<span class="w"> </span>--uid<span class="o">=</span>johndoe</span>
<span class="prompt1">radosgw-admin<span class="w"> </span>usage<span class="w"> </span>trim<span class="w"> </span>--uid<span class="o">=</span>johndoe<span class="w"> </span>--end-date<span class="o">=</span><span class="m">2013</span>-12-31</span>
</pre></div></div></section>
</section>
</section>



<div id="support-the-ceph-foundation" class="admonition note">
  <p class="first admonition-title">Brought to you by the Ceph Foundation</p>
  <p class="last">The Ceph Documentation is a community resource funded and hosted by the non-profit <a href="https://ceph.io/en/foundation/">Ceph Foundation</a>. If you would like to support this and our other efforts, please consider <a href="https://ceph.io/en/foundation/join/">joining now</a>.</p>
</div>


           </div>
           
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="../config-ref/" class="btn btn-neutral float-left" title="Ceph 对象网关配置参考" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="../account/" class="btn btn-neutral float-right" title="User Accounts" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).</p>
  </div>

   

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>